Computer & Internet Security is very important but sometimes it is so confusing and frustrating that it makes users very unhappy to a point where the system is so secure that it cannot be used by its most legitimate users, like system administratorsFor more than 20 years we have written about user satisfaction, and it seems as if even with all the changes during this time, some things remain the same (See reference list). For example, our article about "What Makes Users Happy" (COMMUNICATIONS OF THE ASSOCIATION FOR COMPUTING MACHINERY, Vol. 29, No. 7, 594-598, July 1986) shows that system response time is the single most important factor. But it seems that sometimes the design of software slows down the system response time to a level that can make users very unhappy. Such a case in point is the Microsoft IIS & SPTS Internet Information Server and Share Point Team Services.
I have installed Microsoft SharePoint on one of the Web servers that I administer. Even though I have done it at least 30 times before, I still have problems with it. Microsoft SharePoint Team Services is a Web application that Microsoft bundled with Microsoft Office 2000/2002, which enables users to collaborate and share information on a Web server.
As the administrator of several Microsoft Web servers, I recently installed yet another Web server. But, after trying to upload a document to that Web server I received the following error message: "You are not authorized to view this page."
I conducted a Google search to find out solutions for this problem. Specifically, I entered the following search into the Google search engine:
"Microsoft SharePoint You are not authorized to view this page."
I found that Google listed 1-10 of about 4,010 articles revolving around the exact same issue. At this point I broke down and decided to resolve this problem and write this article.
I read the first few articles and followed their instructions. However, even though they all appeared quite logical, none of them solved my problem. I found that not one of them provided a correct solution to the problem that worked in my case. I gave up and proceeded to solve it by myself.
Following is the error message that Microsoft Web Server displayed it on the screen of the local host, the Web server machine:
"You do not have permission to view this page using your current user account."
Please try the following:
"If you have another user account with a higher level of permission, click your browser's Back button to try again using that account.
"If you believe you should be able to view this page, contact the Web site administrator.
Error Cannot complete this action.
Please try again.
If this problem persists, please contact your administrator.
Troubleshoot issues with Microsoft SharePoint. (See Appendix A for actual output in HTML)
Anonymous access was checked marked. The following explanation appears at the dialogue box saying "No user name/password required to access this resource." But, this is not true! As the Administrator continues to read the dialog box, just in the next section, the following contradictory statement appears
"Authenticated access for the following authentication methods, user name and password are required when -anonymous access is disabled, or -access is restricted using NTFS access control list" (See Appendix 1: 1DefaultWebSitePropertiesDirectorySecurityAuthenticationMethos)
ANONYMOUS ACCESS IS DISABLED
Anonymous access has not been disabled, by me the administrator, nor has it been disabled by default. But due to this statement, one may be misled to go on a wild goose chase trying to figure out how else to enable the already-enabled Anonymous access (by checking the box in the Authentication Method dialogue box).
ACCESS IS RESTRICTED USING NTFS ACCESS CONTROL LIST
Access is not restricted using NTFS access control list. As the administrator, I went into the directory of the root of the Web server "C:\Inetpub\wwwroot." This misleads the administrator to think that enabling the permissions on the directory may allow access to the Web server, as I have done, to no avail
As we can see the Sharing Tab of the Workout Properties Check marks "Share This Folder On The Network And Allow Network Users To Change MyFiles." Yet the server still issues the infamous message as follows "You are not authorized to view this page"
I then thought that it may have to do with the "NTFS access control list," as opposed to "FAT32." (NTFS refers to New Technology File System versus its older counter part file structure, FAT32-File Allocation 32 bit, which is Microsoft's terminology for Hard Disk Drive file structures).
By this time, I had given up struggling to figure out what to do I surfed the Internet a bit and decided to check with an older FAT32 server, in which I had already encountered and solved the same problem several years ago. In the meantime, I forgot how I resolved it before, and furthermore I thought that due to the more recent NTFS the old tricks of FAT32 may no longer apply. That was wrong! I went back to the old Web server machine, checking the properties of the same tab, finding some differences. The differences included the following additional 2 check marks that I noticed right away:
-Allow IIS to control password, and
-Integrated Windows authentication.
ALLOW IIS TO CONTROL PASSWORD
I had followed the practice of the running old FAT32 Windows XP Web server, and check marked the "[x] Allow IIS to control password." I thought that this would allow IIS (Microsoft Internet Information Server Version 5 bundled with Windows XP Professional Operating System, bundled with the PC Hardware).
INTEGRATED WINDOWS AUTHENTICATION
Much like the previous check mark, I followed the same procedure for the following option of "Integrated Windows authentication." I have also check-marked this option for the NTFS Web server. I hope that this will emulate the working FAT32 Web server, enabling me, the administrator, to avoid the annoying "You are not authorized to view this page" message. I was right, but then I remembered that I had done it already several times before, each time forgetting how I solved the problem the previous time.
SUMMARY CONCLUSIONS & IMPLICATIONS
In summary, we have demonstrated how confusing security procedures can make users very unhappy. We also demonstrated how to solve the problem of dealing with some of the Microsoft issues regarding "INTEGRATED WINDOWS AUTHENTICATION," "ALLOW IIS TO CONTROL PASSWORD," and "ANONYMOUS ACCESS." The implications are that some things do not change: Users still want a responsive system, and when problems occur, a responsive company corrects the problems, or at least explains how to correct the problems.
[NOTE: FOR THE APPENDICES OR FOR OTHER INFORMATION, PLEASE CONTACT THE AUTHORS AT [email protected]]
1 Rushinek, A. and Rushinek, S. "Distribution Processing: Implications and Applications for Business," JOURNAL OF SYSTEMS MANAGEMENT, Vol. 35, No. 7, 21-27, July 1984.
2 Rushinek, A. and Rushinek, S. "The Effects of Word Processing Software on User Satisfaction: An Empirical Study of Micro, Mini and Mainframe Computers," OFFICE SYSTEMS RESEARCH JOURNAL, Vol. 3, No. 1, lead article 1-16, Fall 1984.
3 Rushinek, A. and Rushinek, S. "Mini/Micro Computer Evaluation of System Features: An Empirical Discriminant Model of Software and Hardware Expandability, Compatibility, Cost/Efficiency, Installation and Delivery," MANAGERIAL AND DECISION ECONOMICS, Vol. 5, No. 3, 150-159, September 1984.
4 Rushinek, A. and Rushinek, S. "Computer Assisted Manufacturing Software Related to User Satisfaction: An Interactive Knowledge Based System Using Diagnostic Audit Trails for Planning and Control," JOURNAL OF INFORMATION AND OPTIMIZATION SCIENCES, Vol. 6, No. 3, 1985.
5 Rushinek, A. and Rushinek, S. "Health and Medical Software Related to Computer User Satisfaction: An Interactive Online Expert System Using Diagnostic Audit Trails Through Telecommunication Networks," HEALTH POLICY, Vol. 4, 199-219, 1985.
6 Rushinek, A. and Rushinek, S. "Preliminary Studies On the Development of a Decision Support System for Evaluating Engineering and Scientific Software," ADVANCES IN ENGINEERING SOFTWARE, Vol. 7, No. 4, 173-178, 1985.
7 Rushinek, S. and Rushinek, A. "User Involvement in the Development and Use of Computer Based Systems for the Health and Rehabilitation Sciences: Reducing Protocol Errors," INTERNATIONAL JOURNAL OF REHABILITATION RESEARCH, Vol. 8, No. 4, 443-454, 1985.
8 Rushinek, S. and Rushinek, A. "Effect of System Ratings on User Satisfaction," INFORMATION AGE, Vol. 7, No. 2, 98-106, April 1985.
9 Rushinek, A. and Rushinek, S. "Operating Systems, Compilers, Assemblers and Application Programs: Audit Trails of User Satisfaction," MICROPROCESSORS AND MICROSYSTEMS, Vol. 9, No. 5, 241-249, June 1985.
10 Rushinek, A. and Rushinek, S. "Health Marketing and Sales Distribution Software Related to Computer User Satisfaction," HEALTH MARKETING QUARTERLY, Vol. 3, No. 1, 79-101, Fall 1985.
11 Rushinek, A. and Rushinek, S. "Production and Inventory Management Software Packages Related to User Reactions," PRODUCTION AND INVENTORY MANAGEMENT, Vol. 27, No. 1, 75-84, 1986.
12 Rushinek, A. and Rushinek, S. "The Effects of Communication Monitors on User Satisfaction," INFORMATION PROCESSING AND MANAGEMENT, Vol. 22, No. 4, 345-351, January 1986.
13 Rushinek, A. and Rushinek, S. "The Influence of Trouble-Shooting, Education and Documentation on Computer User Satisfaction," IEEE TRANSACTIONS ON SYSTEMS, MAN AND CYBERNETICS, Vol. SMC-16, No. 1, 165-167, January/February 1986.
14 Rushinek, A. and Rushinek, S. "What Makes Users Happy," COMMUNICATIONS OF THE ASSOCIATION FOR COMPUTING MACHINERY (ACM), Vol. 29, No. 7, 594-598, July 1986.
15 Rushinek, A. and Rushinek, S. "The Effects of Computer Location on End-user Satisfaction," INDUSTRIAL MANAGEMENT AND DATA SYSTEMS, 3-7, November-December 1986.
16 Rushinek, S. and Rushinek, A. "An Application Model for Computer Assisted Design and Manufacturing Using a Product Evaluation and Selection System," COMPUTERS & INDUSTRIAL ENGINEERING, Vol.12, No. 3, 173-180, 1987.
17 Rushinek, A. and Rushinek, S. "CAD-CAM (Computer Assisted Design- Computer Assisted Manufacturing) Electronic Design Case Study: A Needs Assessment for Microcomputer Users, Vendors and Consultants," INTERNATIONAL JOURNAL OF APPLIED ENGINEERING EDUCATION, Vol. 3, No. 3, 299-306, 1987.
18 Rushinek, S. and Rushinek, A. "Education, Scheduling and Administration Related to Computer User Satisfaction: An Interactive On-line Expert System Using Diagnostic Audit Trails Through Telecommunication Networks," INTERNATIONAL JOURNAL OF APPLIED ENGINEERING EDUCATION, Vol. 3, No. 4, 399-412, 1987.
19 Rushinek, A. and Rushinek, S. "Business Graphic Packages," JOURNAL OF SYSTEMS MANAGEMENT, Volume 39, No. 3, 12-21, March 1988.
20 Rushinek, A. and Rushinek, S. "Graphics Board (GB) Case Study: Feature Selection System for Microcomputer users and Manufacturers" INTERNATIONAL JOURNAL OF MICROGRAPHICS & VIDEO TECHNOLOGY, 1988.
21 Rushinek, A. and Rushinek, S. "A Feature Selection System for Multiuser Databases," OMEGA: THE INTERNATIONAL JOURNAL OF MANAGEMENT SCIENCE, Volume 17, No. 1, January 1989.
22 Rushinek, A. and Rushinek, S. "Accelerator Boards, Memory, Power, Coprocessor, and Price in an Automated and Networked Matching Algorithm of Users' Needs", COMPUTERS & ELECTRICAL ENGINEERING, Vol. 15, No.3/4, 131-142, 1989.
23 Rushinek, A. and Rushinek, S. "Training Software Case Study: A Product Evaluation and Selection System", JOURNAL OF EDUCATION FOR BUSINESS, 1989.
24 Rushinek, A. and Rushinek, S. "Matching Program Code Generators to Software Developers' Needs", OMEGA: THE INTERNATIONAL JOURNAL OF MANAGEMENT SCIENCE, Vol. 18, No. 3, 1990.
25 Rushinek, A. and Rushinek, S. "Terminal Emulation Controllers, Duplex, Communication Protocols, Multisession Networks, Copy Protection, Baud-Rate, and Windows Compatibility: Profit Measures and Product Features", TELEMATICS AND INFORMATICS, Pergammon Press, Vol. 10, No. 1, 1993, 59-73.
26 Rushinek, A. and Rushinek, S. "Project Management Software Feature Profitability: Windows, Networks, Mainframes, Filtered Task Diagrams, Schedules, and Calendars, JOURNAL OF COMPUTER INFORMATION SYSTEMS (JCIS), Vol. 37, No. 4, Summer 1997, 48-55.
The authors are professors at the University of Miami and board members of The Institute of Internal Auditors. They will provide additional information on this topic upon written request. Avi Rushinek's ([email protected]) research interests include e-commerce security and controls; HIPAA (Health Insurance Portability & Accountability), Sarbanes-Oxley & Basel II Compliance Forensic Accounting, Web marketing ROI, e-learning, and Internet domain copyright, trademarks and patents ROI. Sara Rushinek's research interests include business intelligence and data mining for decision-making, electronic stock trading; and e-commerce security of enterprise resource management.